[7.12][Telemetry] Security telemetry allowlist fix. #92850
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pjhampton
added
Feature:Telemetry
v7.12.0
Team: SecuritySolution
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Bamieh
approved these changes
Feb 25, 2021
Member
|
Does this fix affect the sent data downstream? do we need to reach out to infra about this change? |
Bamieh
added
the
release_note:skip
pjhampton
added
release_note:fix
and removed
release_note:skip
Contributor
Author
|
I have already updated the infra indexers @Bamieh. It was just this piece that is broken |
patrykkopycinski
approved these changes
Feb 25, 2021
Contributor
gabriellandau
left a comment
gabriellandau
left a comment
There was a problem hiding this comment.
Can we also add process.thread?
"thread": {
"Ext": {
"call_stack": [
{
"instruction_pointer": 140722403727300,
"memory_section": {
"memory_address": 140722403086336,
"memory_size": 1159168,
"protection": "R-X"
},
"module_path": "c:\\windows\\system32\\ntdll.dll",
"symbol_info": "c:\\windows\\system32\\ntdll.dll!ZwCreateThreadEx+0x14"
},
{
"instruction_pointer": 140722362113391,
"memory_section": {
"memory_address": 140722361929728,
"memory_size": 1122304,
"protection": "R-X"
},
"module_path": "c:\\windows\\system32\\kernelbase.dll",
"symbol_info": "c:\\windows\\system32\\kernelbase.dll!CreateRemoteThreadEx+0x29f"
},
{
"instruction_pointer": 140722391791069,
"memory_section": {
"memory_address": 140722391683072,
"memory_size": 516096,
"protection": "R-X"
},
"module_path": "c:\\windows\\system32\\kernel32.dll",
"symbol_info": "c:\\windows\\system32\\kernel32.dll!CreateThread+0x3d"
},
{
"instruction_pointer": 140697069180492,
"memory_section": {
"memory_address": 140697069096960,
"memory_size": 1785856,
"protection": "R-X"
},
"module_path": "c:\\git\\endpoint-dev\\build\\elastic\\windows\\msvc14\\x64\\releasestatic\\memoryprotectiontests.exe",
"symbol_info": "c:\\git\\endpoint-dev\\build\\elastic\\windows\\msvc14\\x64\\releasestatic\\memoryprotectiontests.exe!0x7FF696D4564C"
}
]
},
"id": 7680
},
Contributor
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @pjhampton |
This was referenced Feb 25, 2021
pjhampton
added a commit
that referenced
this pull request
Feb 26, 2021
pjhampton
added a commit
that referenced
this pull request
Feb 26, 2021
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Feb 26, 2021
…bana into task-manager/docs-monitoring * 'task-manager/docs-monitoring' of github.com:gmmorris/kibana: (40 commits) [Security Solution][Case][Bug] Improve case logging (elastic#91924) [Alerts][Doc] Added README documentation for alerts plugin status and framework health checks configuration options. (elastic#92761) Add warning for EQL and Threshold rules if exception list contains value list items (elastic#92914) [Security Solution][Case] Fix subcases bugs on detections and case view (elastic#91836) [APM] Always allow access to Profiling via URL (elastic#92889) [Vega] Allow image loading without CORS policy by changing the default to crossOrigin=null (elastic#91991) skip flaky suite (elastic#92114) [APM] Fix for default fields in correlations view (elastic#91868) (elastic#92090) chore(NA): bump bazelisk to v1.7.5 (elastic#92905) [Maps] fix selecting EMS basemap does not populate input (elastic#92711) API docs (elastic#92827) [kbn/test] add import/export support to KbnClient (elastic#92526) Test fix management scripted field filter functional test and unskip it (elastic#92756) [App Search] Create Curation view/functionality (elastic#92560) [Reporting/Discover] include the document's entire set of fields (elastic#92730) [Fleet] Add new index to fleet for artifacts being served out of fleet-server (elastic#92860) [Alerts][Doc] Added README documentation for API key invalidation configuration options. (elastic#92757) [Discover][docs] Add search for relevance (elastic#90611) [Alerts][Docs] Extended README.md and the user docs with the licensing information. (elastic#92564) [7.12][Telemetry] Security telemetry allowlist fix. (elastic#92850) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
There was a bug in the allowlist layout for security telemetry in #91920
We are working on ways to make this easier to extend / manage / test in backref'd protections issue.
Checklist
The allowlist is already covered with tests - see #77200
Additional fields have been vetted for PII compliance by senior managers.
For maintainers